Enforcing user-space privilege separation with declarative architectures

Ben Niu, Gang Tan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

Applying privilege separation in software development is an effective strategy for limiting the damage of an attack on a software system. In this approach, a software system is separated into a set of communicating protection domains of least privilege. In a privilege-separated system, even if one protection domain is hijacked by an attacker, the rest of the system may still function. uPro is a tool that provides efficient and flexible enforcement of privilege separation. It adopts software-based fault isolation to implement protection domains in the user-space so that inter-domain communication is efficient. It provides a declarative language to describe an application's security architecture, facilitating developers to identify different architecture alternatives. The evaluation shows that real applications can be ported to uPro with enhanced security, acceptable performance, and declarative architectures.

Original languageEnglish (US)
Title of host publicationSTC'12 - Proceedings of the Workshop on Scalable Trusted Computing
Pages9-20
Number of pages12
DOIs
StatePublished - Nov 26 2012
Event7th ACM Workshop on Scalable Trusted Computing, STC 2012 - Raleigh, NC, United States
Duration: Oct 15 2012Oct 15 2012

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other7th ACM Workshop on Scalable Trusted Computing, STC 2012
CountryUnited States
CityRaleigh, NC
Period10/15/1210/15/12

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Enforcing user-space privilege separation with declarative architectures'. Together they form a unique fingerprint.

  • Cite this

    Niu, B., & Tan, G. (2012). Enforcing user-space privilege separation with declarative architectures. In STC'12 - Proceedings of the Workshop on Scalable Trusted Computing (pp. 9-20). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/2382536.2382541